[Impossible]

The downvotes are also because it's a somewhat cliche comment on HN now. Anytime anyone is doing any with C or C++ that is even indirectly web facing, "this could be unsafe!!!" is an obligatory comment, even though all major tech companies have core components written in C++, and there are big web apps that have been running for years that are mostly written in C or C++. Security is definitely a concern, but these kind of comments can derail interesting discussion, in the same way complaining about font readability or template choice in an otherwise interesting article can.

[caltrops]

This isn’t one of those. Handing large amounts of unvalidated user input to these libraries is particularly dangerous.

[fleitz]

To be fair most everything under the hood passes through to these libraries. So even sticking with python means passing unvalidated blobs through to libpng/jpeg/tiff or some other low level language.

It's the entire reason python is generally fast enough, anything that's slow generally uses a C lib under the hood anyway.

[CyberDildonics]

Where is the assumption coming from that it hasn't been validated?

[searealist]

Unvalidated user input? What are you talking about, this is about image resizing. Your buzzwords make no sense.

[LambdaComplex]

Yes, and images are user input in this case